Data Protection — News
The world’s fifth-largest issuer of SSL (secure sockets layer) certificates, GlobalSign, has stopped issuing certificates following a claim that its systems were compromised.
Hackers are using a new trick to cloak malicious files by disguising their Windows file extensions to make them appear safe to download, a Czech security company warned today.
The main U.S. law targeting cybercrime may need to be changed because it has allowed law enforcement agencies to target people who simply violate websites' terms of service or their employers' computer use policies, two senators said Wednesday.
Analysts at an Israeli company that infiltrates online forums to identify terrorists often claim responsibility for attacks to bolster their credibility, according to a recently-leaked cable from the U.S. Department of State.
Password strength is always being discussed because it is difficult to balance password strength with usability. Typically, resetting passwords is the main reason to call the helpdesk, indicating that passwords are too complex and/or change too frequently. Can we make passwords less complex without compromising security?
Ten years after the terrorist attacks of Sept. 11, 2001, the nation faces a critical threat to its security from cyberattacks, a new report by a bipartisan think tank warns.
In December 2010, a group of nearly 3000 activists under the name "Operation Payback" launched online attacks against PayPal, MasterCard, and Visa, briefly knocking the three financial services' sites offline and preventing consumers from accessing ATMs or online banking services. The activists retaliated against the three companies for severing ties with WikiLeaks, an online repository for whistleblower data that had recently included thousands of secret communications from the U.S. State Department and other world governmental agencies. Nine months later more than a dozen people--most between the ages of 19 and 24--were arrested in connection with these denial-of-service (DoS) attacks, even as new attacks were hitting corporate, military, and government sites worldwide.
Cybercrime today is run as a business, with ROI, user support, clear hierarchies and business plans. One aspect of this type of business is the high rate of innovation, leading to new technical advances in cybercrime proliferation.
Browser makers have generally been quick to react to the computer compromise at digital certificate issuer DigiNotar, but that hasn't been the case for all mobile phone makers.
Only about 20 percent of Americans think Macs are vulnerable to viruses, compared to more than half who describe PCs as "vulnerable" or "very vulnerable" to attack by viruses, according to Alex Stamos, a security analyst at iSec Partners.
The so-called Comodo Hacker has claimed credit for the breach of Dutch SSL (secure sockets layer) certificate authority DigiNotar, now known to be behind 531 forged certificates.
Sony has named US government cyber security czar Philip Reitinger its first chief information security officer (CISO).
The newly filled post was one of Sony’s key responses to its first major customer data breach, in which 77 million customers' personal details were compromised.
Microsoft today updated Windows to permanently block all digital certificates issued by a Dutch company that was hacked months ago.
Reader Steve uses a program called Vipre Premium to keep his PC secure. The suite offers anti-virus, anti-malware, anti-spyware, a firewall, e-mail protection--basically, the works.
But Steve also runs Malwarebytes Anti-Malware. And Microsoft Security Essentials (though with real-time protection turned off). Steve's question: should he turn on MSE's real-time protection and "run it concurrently with Vipre?"
Short answer: no. Definitely not. In fact, I'd say Steve is running too much security software as it is. And that's a common mistake.
For starters, the Vipre suite is more than sufficient. I can see keeping Malwarebytes Anti-Malware on hand just in case some infection sneaks through, but if you're using the Pro version--which, unlike its freebie sibling, offers real-time scanning--then it's competing with Vipre. In fact, when you overlap security products like that, they can seriously impact system performance and even falsely recognize each other as being a threat.
My advice: keep your security tools to a bare minimum. In fact, if you're running Windows 7 (which Steve is), you're already adequately equipped to handle the majority of security threats. Windows 7 offers a solid firewall, and its built-in Windows Defender should block most spyware and pop-ups.
Meanwhile, Internet Explorer 9 provides robust protection against phishing, malware, and other browser-related threats. (In fact, some tests have shown it to be the safest browser, period.) Cap that off with Microsoft Security Essentials and browser plug-in Web of Trust, and you've got yourself a nearly bulletproof PC. (I speak from experience: that's my exact configuration, and I haven't had an infection of any kind, well, ever.)
Bottom line: don't overdo the security software. Too much is not a good thing.
Contributing Editor Rick Broida writes about business and consumer technology.
Ask for help with your PC hassles at firstname.lastname@example.org, or try the treasure trove of helpful folks in the PC World Community Forums.
IT people who try to secure mobile devices in a big company face three big conceptual problems.
Microsoft is rolling out a worldwide patch that deems all DigiNotar SSL certificates to be untrustworthy except for OSes in the Netherlands, as requested by the Dutch government.
London's City University has gained funding for a new Centre for Cyber and Security Sciences, which will offer research and consultancy across a range of once-disparate but suddenly important areas of computer security.
Iranian internet users whose security may have been compromised by the forged Google.com digital certificate could number in the hundreds of thousands. An interim report (PDF) commissioned by DigiNotar, the certification authority (CA) at the centre of the hacking incident, also reveals lax security at the Dutch firm.
Microsoft said Sunday that a digital certificate stolen from a Dutch company could not be used to force-feed customers malware through its Windows Update service.
On 28 August, Iranian citizens were subjected to a far-reaching cyber snooping operation made possible by an attack on Dutch certificate authority DigiNotar.
RSA offers a wide range of strong two-factor authentication solutions to help organizations assure user identities and meet compliance requirements.
I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.